A bank heist that 'spanned the globe'

New York: A gang of cyber-criminals in 26 countries stole $US45 million ($A44.47 million) in a matter of hours by hacking their way into a database of prepaid debit cards and then fanning out around the globe to drain ATMs, US federal prosecutors say.

Brooklyn lawyer Loretta Lynch called it "a massive 21st-century bank heist" and compared its size to the Lufthansa heist in the late 1970s immortalised in the film Goodfellas. Lynch said the fraudsters had moved with astounding speed to loot financial institutions around the world.

In the place of guns and masks, this cybercrime organisation used laptops and the internet.

A security analyst said it was the biggest ATM fraud case she had heard of.

Images taken from the phone of a suspect, who was one of the eight individuals charged with using data obtained by hacking into two credit card processors in a cybercrime scheme. Photo: Reuters

Seven people are under arrest in the US in connection with the case, which prosecutors said involved thousands of thefts from ATMs using bogus magnetic swipe cards. The accused ringleader in the US cell, Alberto Yusi Lajud-Pena, was reportedly murdered in the Dominican Republic late last month, prosecutors said. More investigations are ongoing and other arrests have been made in other countries, but prosecutors did not have details.

Advertisement

An indictment unsealed on Thursday accused the eight of being members of the New York cell, saying they withdrew $US2.8 million in cash from hacked accounts in less than a day. One of the suspects was caught on multiple surveillance cameras, his backpack increasingly loaded down with cash. Others took photos of themselves with giant wads of cash as they made their way up and down Manhattan.

Lynch said the cells would take a cut of the money then launder it through expensive purchases or ship it wholesale to the global ringleaders, but didn't say where they were located. Prosecutors said the scheme involved attacks on two banks, Rakbank, which is in the United Arab Emirates, and the Bank of Muscat in Oman. Hackers obtained debit card data, eliminated withdrawal limits on the accounts, created access codes and then sent a network of operatives fanning out to rapidly withdraw money in multiple cities, authorities said.

Lynch called it a "virtual criminal flash mob." She said they could use any plastic card to withdraw the cash – an old hotel key card or an expired credit card – as long as they had the account data and correct access codes.

There were two separate attacks, one in December and one in February. In the second attack, more than 36,000 transactions were made worldwide and about $US40 million was stolen.

Lynch would not say who masterminded the attacks globally, who the hackers are or where they were located, citing an ongoing investigation.

The seven men arrested in New York were US citizens originally from the Dominican Republic, lived in Yonkers and were mostly in their 20s. Lynch said they all knew each other and were recruited together, as were other cells in other countries. They were charged with conspiracy and money laundering. If convicted they face 10 years in prison.

Law enforcement agencies in Japan, Canada, Germany, Romania and 12 other countries have been involved in the investigation, US prosecutors said.

Arrests began in March. Lajud-Pena was found dead with a suitcase full of about $US100,000 in cash. The investigation into his death is also continuing separately.

Avivah Litan, an analyst who covers security issues for Gartner, said similar ATM fraud schemes are not uncommon, but the $US45 million stolen in this one was at least double the amount involved in previous, known cases. Middle Eastern banks and payment processors are "a bit behind" on security and screening technologies that are supposed to prevent this kind of fraud, but it happens around the world, she said.

"It's a really easy way to turn digits into cash," Litan said.

Some of the fault lies with ubiquitous magnetic stripes on the back of the cards. The rest of the world has largely abandoned cards with magnetic strips in favour ones with built-in chips that are nearly impossible to copy. But because US banks and merchants have stuck to cards with magnetic stripes, they are still accepted in many places in the world.

In 1978, $US5.8 million in cash was stolen from a Lufthansa Airlines vault at Kennedy Airport, a heist masterminded by Jimmy Burke, the inspiration for Robert De Niro's character in Goodfellas.

12 comments

Pre-paid credit cards? So they are stealing from the not-that-well-off. Wankers! Much more respect if they were skimming off the top of bloated bank accounts!

Commenter

Bill OTS

Location

Petersham

Date and time

May 10, 2013, 9:14AM

You condone stealing at all?

Commenter

Bejo

Date and time

May 10, 2013, 9:34AM

Ultimately, the banks should cover the loss, as it was the fault of the bank. At least that's what would happen in Australia.

Commenter

Commenter2095

Date and time

May 10, 2013, 9:34AM

bill you may well find that they've found the db full of prepaid ccs that havent been issued yet and filled them up, and that they werent pinching off any person with a prepaid cc.

the figures there show that they got over a thousand $ from each transaction - no accident.

Commenter

frank

Date and time

May 10, 2013, 9:58AM

Wow, what logic you have.Even if they stole from the accounts of wealthy tycoons or hedge funds, where do you think that money originates from? The poorer sector, because the 1% cannot be who or what they are without exploiting others.Theft is theft and you should also learn that there is no such thing as a victimless crime.

Commenter

AM

Location

Sydney

Date and time

May 10, 2013, 10:45AM

America has become a criminals paradise. Not only is cyber crime flourishing, but the biggest Wall st Banks have pulled off a much bigger theft by selling their bad debts, dressed up as AAA quality. Google "Public Broadcasting System" on January 22 2013 the program "Frontline," The Untouchables", to see what they have gotten away with.The Too Big To Fail banks have also been involved in laundering huge amounts of Mexican drug money, in the billions of dollars, and the American "War on Drugs" still can't find out who the recpients are. Very strange indeed.No wonder America keeps scaring it's population with "Terrorists". It stops them from noticing what is going on behind their backs.

Commenter

Brian Harry

Location

Tweed Heads NSW

Date and time

May 10, 2013, 10:08AM

theft is used a lot here.does it include the bankers ?

Commenter

thomas vesely

Date and time

May 10, 2013, 11:07AM

"In the place of guns and masks, this cybercrime organisation used laptops and the internet."

I hardly think the relatively benign act of using an ATM is comparable to threatening someone with a mask and firearm.

Theyve still only gotten away with a fraction of the loot that banking institutions manage to steal from the public.

Commenter

do you get it?

Date and time

May 10, 2013, 11:44AM

Not even close. The biggest and best ever 'robbery' was the setting up of the CPA (Coalition Provisional Authority) after the Iraq Invasion. Some of it was just stolen outright, the rest in fraud and corruption. More than 6.5 billion US dollars, probably the largest theft in history.

Commenter

Caffetierra Moka

Location

Sector 7-G

Date and time

May 10, 2013, 11:59AM

Caffetierra Moka. Thanks for the link. I was aware of the theft that went unpunished (and quite possibly not even investigated) in Iraq. But I think with all the QE1,QE2, and QE3 money printing in the USA currently still churning out $85 Billion/month and transferring it to the TBTF banks in New York, was worse. George Galloway's address to the American Senate covered the crime you referred to. See it on You Tube.

Subscribe to IT Pro

Follow Us

Editor's Choice

Prime Minister Tony Abbott has bolstered Malcolm Turnbull's ministerial duties, handing him greater responsibility for e-government in a push to expand the use of a single digital identity for Australians.

Data

The new roof that spans Margaret Court arena does more than keep out the weather. Built into the gantries that surround the sliding ceiling are Wi-Fi antennas that beam web access to every ticket holder.